PT-2025-47269
Name of the Vulnerable Software and Affected Versions Serv-U versions prior to 15.5.3 Description A Path Restriction Bypass exists in Serv-U that allows a malicious actor with administrative privileges to execute code on a directory. This requires administrative privileges to exploit. On Windows...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.81 packages and security update
Red Hat OpenShift Container Platform release 4.12.81 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
Vim < 9.1.1198 Argument Injection (GHSA-693p-m996-3rmf)
The version of Vim installed on the remote host is prior to 9.1.1198. It is, therefore, affected by a vulnerability as referenced in the GHSA-693p-m996-3rmf advisory. - Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.119...
Ethercreative Logs 3.0.3 - Path Traversal
Exploit Title: Ethercreative Logs 3.0.3 - Path Traversal Date: 2022.01.26 Exploit Author: Steffen Rogge, SC Vendor Homepage: https://github.com/ethercreative/logs Software Link: https://plugins.craftcms.com/logs Version: =3.0.4 impact: Medium found: 2021-07-06 SEC Consult Vulnerability Lab An...
CBL Mariner 2.0 Security Update: vim (CVE-2025-29768)
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29768 advisory. - Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions...
CVE-2025-29768
Summary: CVE-2025-29768 affects Vim before 9.1.1198. The issue, described as potential data loss when opening certain crafted zip files via zip.vim, requires user interaction (viewing archive and selecting a filename) to trigger. A patch exists in Vim 9.1.1198 and later. Affected scope (from prov...
GHSA-3WGQ-H4FR-CWG5 laravel-crud-wizard-free has File Validation Bypass
Impact Medium Patches Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0 Workarounds Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
laravel-crud-wizard-free has File Validation Bypass
Impact Medium Patches Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0 Workarounds Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
Linux Distros Unpatched Vulnerability : CVE-2025-22134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly...
Vim 9.1.1003 (GHSA-5rgf-26wj-48v8)
The version of Vim installed on the remote host is prior to 9.1.1003. It is, therefore, affected by a vulnerability as referenced in the GHSA-5rgf-26wj-48v8 advisory. - When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow...
CVE-2025-22134
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visu...
AZL-55582 CVE-2025-22134 affecting package vim for versions less than 9.1.0791-3
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visu...
CVE-2025-22134 heap-buffer-overflow with visual mode in Vim < 9.1.1003
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visu...
CVE-2025-22134
Vim vulnerable to a heap-buffer overflow when switching buffers with Visual mode active via :all. Root cause: Vim does not end Visual mode before opening other windows/buffers, risking access beyond the end of a line. A fix is available in Vim patch 9.1.1003, which properly resets Visual mode and...
GHSA-52CW-PVQ9-9M5V Silverstripe uses TinyMCE which allows svg files linked in object tags
Impact TinyMCE v6 has a configuration value convert_unsafe_embeds set to false which allows svg files containing javascript to be used in or tags, which can be used as a vector for XSS attacks. Note that tags are not allowed by default. After patching the default value of convert_unsafe_embeds will b...
GHSA-WQM8-JX8R-8RCQ Cross-site scripting vulnerabilities in old version of bundled TinyMCE
An old version of TinyMCE includes an XSS vulnerability, which was patched in a later version. This was described by TinyMCE: A cross-site scripting XSS vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piec...
Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication Vulnerabilities
Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable...
MultiRewardEscrow.claimRewards() can break for rebasing tokens
Lines of code Vulnerability details Rebasing tokens make balanceOf modifications arbitrarily e.g: Aave share tokens. If such token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow. Impact Medium Proo...
Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022
On August 29, 2022, NVIDIA announced the following vulnerability with a medium impact: CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit MLNX_DPDK - August 2022 For a description of this vulnerability, see Security Bulletin: NVIDIA Data Plane Development Kit MLNX_DPDK - August 20...